CcTLD Meetings Rome 2004 WHOIS & Data Privacy Jean-Christophe Vignes Registry Liaison Manager.

Slides:



Advertisements
Similar presentations
© 2003 Public Interest Registry Whois Workshop Registrant/User Classification & Current Practices Panel Presented by Bruce W. Beckwith VP, Operations October.
Advertisements

InternetNZ InternetNZ (INZ) is a not for profit, common interest society, established to maintain and extend the availability of the Internet and its.
Public Sector Information & Data Protection: A plea for personal privacy settings for the re-use of PSI Bart van der Sloot Institute for Information Law.
1 Enforcement Powers of National Data Protection Authorities and Experience gained of the Data Protection Directive Safe Harbour Conference Washington.
Identifying Data Protection Issues Developing Lifelong Learner Record Systems and ePortfolios in FE and HE: Planning for, and Coping with, Legal Issues.
29e CONFÉRENCE INTERNATIONALE DES COMMISSAIRES À LA PROTECTION DES DONNÉES ET DE LA VIE PRIVÉE 29 th INTERNATIONAL CONFERENCE OF DATA PROTECTION AND PRIVACY.
DATA PROTECTION and Research University Research Ethics Committee – David Cauchi David Cauchi Office of the Commissioner for Data Protection.
The data retention directive: data protection aspects Frank Robben General manager Crossroads Bank for Social Security Sint-Pieterssteenweg 375 B-1040.
Introduction to basic principles of Regulation (EC) 45/2001 Sophie Louveaux María Verónica Pérez Asinari.
The Gathering Cloud computing - Legal considerations David Goodbrand, Partner 28 February 2013 Aberdeen Edinburgh Glasgow.
The Health Insurance Portability and Accountability Act of 1996– charged the Department of Health and Human Services (DHHS) with creating health information.
The Data Protection (Jersey) Law 2005.
Data Protection.
© 2005 Morrison & Foerster LLP All Rights Reserved Data Security and Incident Notification: The Impact of Foreign Law Presented April 26, 2006 to EDUCAUSE.
1 PRIVACY ISSUES IN THE U.S. – CANADA CROSS BORDER BUSINESS CONTEXT Presented by: Anneli LeGault ACC Greater New York Chapter Compliance Seminar May 19,
DATA PROTECTION and Research University Research Ethics Committee – David Cauchi Office of the Data Protection Commissioner.
1 Pertemuan 7 Points of Exposure Matakuliah:A0334/Pengendalian Lingkungan Online Tahun: 2005 Versi: 1/1.
Lecture to Carleton University, Center for European Studies, December 1, 2010.
Property of Common Sense Privacy - all rights reserved THE DATA PROTECTION ACT 1998 A QUESTION OF PRINCIPLES Sheelagh F M.
Per Anders Eriksson
Taking Steps to Protect Privacy A presentation to Hamilton-area Physiotherapy Managers by Bob Spence Communications Co-ordinator Office of the Ontario.
DATA PROTECTION AND PATIENT CONFIDENTIALITY IN RESEARCH Nic Drew Data Protection Manager University Hospital of Wales   
Data Protection Paul Veysey & Bethan Walsh. Introduction Data Protection is about protecting people by responsibly managing their data in ways they expect.
Data Protection Overview
1 Privacy issues on pan-European White Pages service 4rd TF-LSD Meeting Amsterdam, Peter Gietz
The Data Protection Act 1998 The Eight Principles.
The European influence on privacy law and practice Nigel Waters, Pacific Privacy Consulting International Dimension of E-commerce and Cyberspace Regulation.
ETHICAL ISSUES SURROUND ELECTRONIC COMMUNICATIONS Unit 3.
Data Protection Act AS Module Heathcote Ch. 12.
IBT - Electronic Commerce Privacy Concerns Victor H. Bouganim WCL, American University.
Data Protection Corporate training Data Protection Act 1998 Replaces DPA 1994 EC directive 94/46/EC The Information Commissioner The courts.
WHOIS data The EU legal principles ICANN - GNSO meeting 2 March 2004 George Papapavlou, European Commission ICANN - GNSO meeting 2 March 2004 George Papapavlou,
The Data Protection Act What Data is Held on Individuals? By institutions: –Criminal information, –Educational information; –Medical Information;
The Framework for Privacy Policies in the UK: Is telling people what information is gathered about them part of the framework? Does it need to be? Emma.
Why the Data Protection Act was brought in  The 1998 Data Protection Act was passed by Parliament to control the way information is handled and to give.
Legal issues The Data Protection Act Legal issues What the Act covers The misuse of personal data By organizations and businesses.
The Data Protection Act What the Act covers The misuse of personal data by organisations and businesses.
PROTECTION OF PERSONAL DATA. OECD GUIDELINES: BASIC PRINCIPLES OF NATIONAL APPLICATION Collection Limitation Principle There should be limits to the collection.
An Introduction to the Privacy Act Privacy Act 1993 Promotes and protects individual privacy Is concerned with the privacy of information about people.
Computer Laws Data Protection Act 1998 Computer Misuse Act 1990.
APEC Privacy Framework “The lack of consumer trust and confidence in the privacy and security of online transactions and information networks is one element.
GCSE ICT Data and you: The Data Protection Act. Loyalty cards Many companies use loyalty cards to encourage consumers to use their shops and services.
Protection of Personal Information Act An Analysis on the impact.
Clark Holt Limited (Co. No ), Hardwick House, Prospect Place, Swindon, SN1 3LJ Authorised and regulated by the Solicitors Regulation.
František Nonnemann Skopje, 10th October 2012 JHA Data protection and re-use of PSI as a tool for public control–CZ approach.
Data Protection Laws in the European Union John Armstrong CMS Cameron McKenna.
Visibook is instant, simple, and dynamic appointment booking We're headquartered in San Francisco, California "Visibook is awesome. My entire studio was.
Concerns of Noncommercial Users Constituency Privacy Conference November 29, 2005 Kathryn A. Kleiman, Esq. Internet Law and Policy Specialist, McLeod,
Independent Centre for Privacy Protection Schleswig-Holstein
The Data Protection Act 1998
The Data Protection Act 1998
GDPR (General Data Protection Regulation)
Issues of personal data protection in scientific research
General Data Protection Regulation
Data Protection Act.
The Data Protection Act 1998
Data Protection Legislation
ICANN62 GAC Capacity Building
GENERAL DATA PROTECTION REGULATION (GDPR)
The General Data Protection Regulation (GDPR)
G.D.P.R General Data Protection Regulations
General Data Protection Regulation
Data Protection principles
Identify the laws and guidelines that affect day-to-day use of IT.
GDPR Workshop MEU Symposium Prague 2018
 How does GDPR impact your business? Pro Tip: Pro Tip: Pro Tip:
Public Sector Information & Data Protection: A plea for personal privacy settings for the re-use of PSI Bart van der Sloot Institute for Information Law.
Welcome IITA Inbound Insider Webinar: An Introduction to GDPR
Presentation transcript:

ccTLD Meetings Rome 2004 WHOIS & Data Privacy Jean-Christophe Vignes Registry Liaison Manager

Uses of WHOIS Internet Stability –Allows network managers to contact each other quickly to try and fix issues. (RFCs 812 & 954) –Helps others benefit from the Internet by checking Domain names availability and Register them Law enforcement –Find out quickly the holder of a web site carrying offending or infringing content –Contact details used to serve legal documents E-Commerce –Customers can find out what entity is behind a web site with a well known domain name

WHOIS and Data Privacy Contact Details are useful to facilitate technical communications But WHOIS can also be used for Data Mining. Data Privacy laws and Best Practices may be needed to protect the Registrants’ Rights –E.g: CENTR - on-Whois.html

WHOIS Legal Framework Depends of the country in which the Registry operates. General trend to establish “privacy” laws Specific Directive applies to member-states of the European Union Many countries recently passed national Privacy Law with the same guidelines - YMMV :-) –Canada (January 1st 2004) –Australia (December 21st 2004) –Japan (May 23rd 2003) –…

Basic Concepts for Data Privacy “Personal Data” –Data characterizing the individual –I.e. name, address, phone number… –> WHOIS holds Personal Data! “Data Subject” and “Controller” –The Data Subject is the Registrant –The Controller is the Registry (or the Registrar) “Processing” –To Integrate the data into a database by automatic or electronic means.

Basic Concepts for Data Privacy (Cont’d) “Consent” –The Data Subject has to agree before its data can be processed and/or published. The Controller may have to inform a “Supervisory Authority” on the Process before collecting Data from subjects. I.e: Federal Privacy Commissioner (Au), Office for Personal Data Protection (Cz), Information Commissioner (UK)…

Data Privacy: Usual Principles The Controller has to be clearly identified The Data Subject has the opportunity to give its Explicit Consent before Data is processed The Data Subject is allowed to Check and Rectify the Data stored by the Data Controller The Controller can only keep the Data for an appropriate amount of time The Controller has to keep the Data accurate and up-to-date Transfer to third parties in other countries can only happen under certain conditions

Data Privacy: ccTLD Perspective - 1 Provide the Registrant with the full details of the entity processing the Data –The Registrant has to know how and where to contact the Registry, the information has to be readily available on the Registry’s site –the controller […] must provide the data subject with […] the identity of the controller and of his representative, if any (Article 10a of the ECD) Inform the Registrant of any process hat might take place on its data –Privacy Policy page may be clearly accessible on the Registry’s site (On the index page in a easy to read format and wording) –the controller […] must provide the data subject with […] the purposes of the processing for which the data are intended [and] the recipients or categories of recipients of the data (Articles 10b & 10c of the ECD)

Data Privacy: ccTLD Perspective - 2 Consent –Check-Box at the bottom of the Registration agreement –any freely given specific and informed indication of his wishes by which the data subject signifies his agreement to personal data relating to him being processed (Article 2 of the ECD) Check and Rectify –E.g: Web form to access and edit the Data, dedicated address ?) to ask for an output of the stored –Data subject [has] the right to obtain from the controller […] as appropriate the rectification, erasure or blocking of data (Article 23b of the ECD)

Data Privacy: ccTLD Perspective - 3 Maintain the Data –Data should be kept on a secure server and rendered anonymous after a certain period of time –The controller must implement appropriate technical and organizational measures to protect personal data against accidental or unlawful destruction or accidental loss, alteration, unauthorized disclosure or access, (Articles 13-2 and 17 of the ECD) Transfer to third parties –If the Registry transfers the Data in another country (to Registrars)it has to make sure the Data is protected. –the transfer to a third country of personal data […] may take place only […]the third country in question ensures an adequate level of protection. (Article 25-1 of the ECD)

Data Privacy: ccTLD Perspective - 4 Accuracy of the Data –Important role for the Registrar –National Law? I.e: U.S. Bill HR 4640 – Registry Terms & Conditions The Registrant has to make sure and represent that Data submitted fro Registration is accurate.

Beyond WHOIS Allow Registrants to refuse publication of selected data –“ex-listed” –i.e Provide an “availability-only” service –Easy way to know if a Domain is available without providing personal data –avail.nic.TM on Port 43 Tiered Access

Conclusion Data Privacy has become a worldwide preoccupation WHOIS service causes concern that may be addressed by Registries Solutions exist that preserve flexibility and the Registrants’ rights Towards WHOIS Best Practices?

Thank You !

Feedback: Privacy Policy Feedback
Do Not Sell My Personal Information
About project: SlidePlayer Terms of Service

© 2025 SlidePlayer.com. Inc. All rights reserved.